Share this
dnsUNFILTERED: Will Brooks, Scaling the Wall
Ready to smash the wall of cyber insurance? Discover how MSPs can turn their fears into a competitive edge. In episode 37 of dnsUNFILTERED, host Mikey Pruitt sits down with Will Brooks to talk about Ukon’s mission to make cyber insurance simpler and more accessible. The conversation covers the tough journey from Fifth Wall to Ukon, the gaps MSPs face when navigating insurance marketplaces, and why strong cybersecurity frameworks matter. Will shares practical tips on client education, building trust, and the power of local community networking. If you’re an MSP or a cyber security consultant looking for real‑world strategies, this chat is a gold mine.
-
Ukon redefines the cyber insurance process for businesses and agents alike.
-
MFA and solid frameworks boost insurance eligibility like a power‑up.
-
MSPs that network locally become trusted advisors, not just tech support.
-
Educating clients on cyber insurance removes guesswork and lowers risk.
-
Collaboration between MSPs and agents is the next frontier for a safer digital world.
[00:00:00] Mikey Pruitt: Welcome everybody to another episode of dnsUNFILTERED. Today I'm joined by Will Brooks. I'm a little bit under the weather today, so he's gonna be carrying the show but will welcome to the show. Appreciate it.
[00:00:11] Will Brooks: Thanks. I am over the weather meaning it has been not the most beautiful here, but then actually it has been.
It was really ugly. And then we got like these two days of beautiful sunshine, so I guess I'm not over it anymore. I like it now.
[00:00:27] Mikey Pruitt: Yeah, it's growing on you. It's like the fall. We're here in the fall of 2025. It's beautiful here outside. I, however, got hit by the medieval plague for my young child, which we had a moment of laughter about.
Your child's about 17 months old, so you'll actually The pain soon. Oh, today, 17 months today. Yeah. You'll know the pain soon pro, I promise you. But my first question was really about. Your company, Yukon. Which was previously Fifth Wall. Yes. So can you tell me about that transition and the purpose of the rebranding?
[00:01:01] Will Brooks: Yeah. So there's a little bit of. I think confusion around it for a couple different reasons. So first of all, Fifth Wall was a name that nobody knew what it meant, and Yukon's kind of the same. So I guess nothing really has changed there. People would ask me, Hey, what does Fifth Wall mean?
And I would make something up every time. It would be a different answer every time. Some people tried to come up with a clever way to tie it to cybersecurity, but it's not, it just was a name, I think it was a name someone came up with. When it came to Yukon a big piece of it was we got we got some investment money last year to start working on an actual solution.
So our, the name of our company was Fifth Wall Solutions, and we didn't actually have any sort of literal solution. We didn't have any tech at all. And so what we started working on was a, a. A means by which securing cyber insurance could be a lot easier for all the parties involved. And that is what the platform or the product, we'll call it the product.
I don't wanna call it a platform yet. 'cause it's not really that yet. It's just the product Uon. Then as part of the desire to bring everything together under one roof, we said, Hey, we're gonna rebrand the company as Yukon so that there's not like Fifth Wall, but then there's this Yukon thing over here.
It's kinda like how Apple just decided to name all of their OS's 26 this year, even though
[00:02:22] Mikey Pruitt: hallelujah, by the way thank
[00:02:24] Will Brooks: you. I was so confused. So it, that kind of thing, just the alignment of product and company name so that you only had to remember one thing.
[00:02:35] Mikey Pruitt: So tell me about that product then the Yukon product.
[00:02:38] Will Brooks: Yeah, so the vision here is we can go really deep into this, but the vision here is that cyber insurance. Is complicated and there are a lot of different people who have differing opinions and different thoughts on how to make it better. But most of the time those differing opinions and different thoughts are a person or an entity saying, I have this really good idea to do cyber insurance rights, so I'm gonna do this thing.
And what ultimately. Happens in, in most cases is you either have someone create what's called an MGA, which is effectively, they get their own underwriting authority. They go through reinsurers and things like that, and they say, I'm gonna create my own special kind of product that's going to allow me to.
Right risks the way that I think cyber risks should be written. And that's not a bad approach. It's actually a great approach and there are a lot of really good MGAs out there. The problem is that doesn't change the, that doesn't change the industry as a whole. It doesn't make cyber insurance easier for everybody.
It just makes it more accessible for a very small group of people. Now the unique piece of Yukon is that we are a cyber insurance wholesaler, and it. For MSPs, they can think of it like a distributor, right? It's a company that has access to a huge swath of carriers, insurance carriers that most insurance agents do not have direct access to.
So a lot of times insurance agents have to work, go through us in order to gain access to a lot of these carriers. They couldn't do it themselves. What that has allowed us to do, and we only do cyber insurance. We've only done cyber insurance since our inception in 2020 or 2015. And because of that, right?
We have really gotten to know the cyber insurance space really well. In 2020 we started partnering with MSPs to really understand cyber security really well. And we have relationships with all of these carriers that are very good. We have direct underwriter relationships with all of these carriers and so that creates this.
Opportunity for us to make cyber insurance accessible to the masses, not really just a select group of people. And so typically with an MGA, it's oh, we're gonna market this towards this industry or this particular revenue tier because we figured out how to make cyber insurance very accessible to that group, right?
And for us it's how do you get all of the players that are necessary for cyber insurance to be made simple. Communicating properly. So the concept behind Yukon is to say, let's make a seamless process for insurance agents to be able to approach and say, alright, we wanna write coverage, but I don't know what the heck I'm supposed to write when it comes to cyber insurance.
It's really confusing. It's changing all the time. I don't know what to do with it. Okay. These Yukon guys, they know what they're doing and they're gonna provide me with the know-how, the education, the recommendations on quotes, all that kind of stuff. They're able to pass that to communicate with the MSP to say, Hey, we need the cybersecurity portion figured out.
And MSPs are often confused because historically, cyber insurance applications are very. Asking very black and white questions. And when it, when you ask black and white questions about cybersecurity, you're asking the wrong questions, right? And MSPs look at it and they start going cross-eyed because they're like it's this, but it's not this, it's this, it's this thing.
It's, so I'm gonna write this paragraph of explanation underneath each question. And most of the time the carriers don't even know how to make heads or tails of that explanation. 'cause they're still looking at it as black and white. We want to be able to create the way to translate those questions to something the MSP would understand and then feed that back over to an application that gets filled out on behalf of the agent and the client and all this good stuff.
So without having to bring up an entire Figma board right now to show you everything, the whole mindset here is that there is a communication problem in cyber insurance. That's really what has led to us doing what we're doing is you have carriers who are. Sending requirements to agents and agents have to pass those on to clients, and clients have to pass those to their MSPs.
So you're playing this game of telephone controls are being tossed back and forth. People don't know how much coverage they're supposed to carry. They don't understand what their pricing should be or could be based on their security posture. There's all those issues. So Yukon is looking to unite all of those parties in order to solve all those questions in a way that's presentable, easily easy to digest, and that whoever.
Has to interact with cyber insurance, can understand the portion that they're supposed to interact.
[00:07:07] Mikey Pruitt: I'm imagining the MSP owner operator, like a cocktail party, and when they get past the question of what do you do and what does MSP stand for? The next question is what does an MA managed service provider do?
And the answer is it depends. And it sounds like the answer of cybersecurity. It's what do I need? It's it depends.
[00:07:28] Will Brooks: It does. What
[00:07:28] Mikey Pruitt: You and Yukon are doing is giving that industry knowhow and creating a connection like a marketplace. Is that kind of right to see yeah.
So who aligns with, we're calling it
[00:07:37] Will Brooks: a marketplace, particularly because when you think of. When I brought up that wholesale concept before you have access to carriers you wouldn't necessarily have access to otherwise. So when you go to your local agent, you're probably gonna see three or four carriers out the gate no matter what.
Like you get the same three or four. 'cause those are the big ones that agents tend to write with. A wholesaler opens up access to a whole mess of carriers that you wouldn't normally see anything from if you were just writing direct as an agent. And so it creates this marketplace concept.
It creates this marketplace concept where now clients are gonna, clients have access, MSPs have access to insurance policies and quotes that. Far extend past those typical three you're gonna see. And so the ma the marketplace concept and all of it together is you fill out an application.
The goal here is as quickly as possible. Now, you're never going to, and I have to preface this, you're never going to completely eliminate the p the possibility that manual underwriting has to happen, right? If you are a risk that has had some sort of loss in the past. Most of the time, especially in the past three years, that's like the carrier window.
So in the past three years, if you had a cyber incident, the carrier is probably gonna ask questions. So it's not just necessarily the thing where. You could just get a quote and bind it. But that's the same with everything, right? If you've had a bunch of car accidents and you try to just go buy auto insurance, typically you're not gonna find it so easily.
You have a bunch of speeding tickets. You're not gonna find auto insurance so easily. If you live in a flood zone, you're not just gonna be able to get, like I live on Long Island and fortunately I'm not in a flood zone, but there are still a lot of carriers that will not touch my house because it's on an island.
So you have to end up going these specialty routes and you have to go through some more manual underwriting like that can happen. But the ultimate goal is to say, for the majority of risks, can we provide them with pricing options out the gate Very quickly, very easily, based on this very specific set of questions and approach.
Tell us about your business, tell about your industry, your revenue and then you just have to confirm that these security controls are in place, right? That's a lot easier to do. Then having to fill out this massive form about security questions and hoping that you answered it right? So if we can get the pricing and say, look, this pricing will hold.
If these security controls are in place, you're in a much better spot. So that's a little piece of it. And then for the manual underwriting stuff, 'cause you're gonna have that if you have a $50 million a $50 million manufacturer, auto dealer, something like that, who historically has seen. A high number of attacks or attempts carriers are gonna wanna know that better security's in place.
So they may ask some questions. They're if they know you have a history where you had a cyber incident or two in the past, they might say, okay, what caused that incident? And what have you done to, to. Make it so it doesn't happen again, right? Like those are normal questions. I wouldn't be upset if someone asked that.
But the goal is to eliminate all that grunt work that has to happen before you get there. And that's a big part of what we're looking to do. And then for the insurance agents, 'cause what we've started doing is partnering with a network of agents across the country to say, look. Historically, insurance agents haven't been writing a whole lot of cyber because it's really confusing and it keeps changing.
So let's change that for them and say, we're gonna provide you with what you need to know and what you need to say and how you can sell this to your clients. So rather than. Rather than a million MSPs coming to me looking for quotes for their client, I can help that MSP get set up with an agent who's basically a Yukon agent on the ground, local to them who can become a referral source for them, a network for them and that they can partner with to make sure all their clients need, have what they need to have.
That's the mindset here is let's create this ecosystem that is exists locally for them. So they're not relying on some guy in New York when they live in California. To address client needs, at 5:00 PM Eastern in California when I'm getting ready to go to bed. So it's like that kinda, sorry, 5:00 PM Pacific while I'm getting ready to go to bed.
[00:11:44] Mikey Pruitt: Time zone math is just hard. Don't, time zones are
[00:11:46] Will Brooks: confusing.
[00:11:49] Mikey Pruitt: So I was gonna ask like if. An MSP has, let's just call it poor cybersecurity credit score there. What are their options? If, are they likely to get insured if those questions are answered and addressed, or is there a just a no at the end of that?
Sometimes. It
[00:12:08] Will Brooks: depends on the credit score reasoning, right? If you have a poor credit score because your security's terrible, we'll fix your security and then you're probably gonna get a quote. No problem. It's the issues of Hey, so you use an RMM, but you don't have MFA enabled on it, and you refuse to put MFA on it.
First of all, what kind of m Ms P are you if you're doing that, but at the same time. Let's say it's this ridiculous scenario where I don't know, MFA is just annoying for me, so I don't put it on the RMM and whatever, and it's now you're setting yourself up for failure and no, no insurance carrier's gonna touch you.
It's like that kind of mindset where it's usually security. Now, the reality is if you've had a pretty major loss, it's going to be hard to find coverage. The beauty of Yukon and I mean I don't like the pitch services, but the beauty of UConn and what we're ultimately, with the amount of access we have, typically it's a lot easier for us to find carriers that are willing to write it.
It's gonna be expensive. I'm not gonna lie. If you have a really bad credit score, it's just like how if you have a bad credit score, your a PR is gonna be out through the roof. But the reality is like. We can find something, but we also I don't want, and this is my hope for the cyber insurance industry as a whole.
I don't ever want it to just be, we can find something. I want it to be, we can optimize you as a risk so that the thing we find the something that we can find is the worst option. We've optimized your risk so we can get out there and we can get you the best option out there. Like care.
We, I want to see a day where carriers are fighting. For a particular risk where they have to compete over you, not, you have to just do all these things to even get considered.
[00:13:44] Mikey Pruitt: Let's talk about how to get to that place for a second. Yeah. I'm curious, how often are you in the position of playing like cybersecurity consultant versus Insurance Matchmaker?
Are you giving advice I'm sure there's a, you have a pretty extensive checklist of things. My, maybe you're following one of the frameworks. What does that look like?
[00:14:05] Will Brooks: I wish I could say we followed a framework. 'cause I love frameworks. Especially I dunno, you get C-I-S-I-G one like that in and of itself would be better than what carriers are offering at the moment in terms of visibility into what they're looking for.
[00:14:21] Mikey Pruitt: Wait, hold on. You're, are you saying that. C-A-S-I-G one first level basically is what is expected by most insurance carriers. Like they're No,
[00:14:30] Will Brooks: No. It's actually often less than that. Oh, wow. So they're,
[00:14:33] Mikey Pruitt: they're so uneducated about the cyber market. They're just like, yeah, that's good.
Level one. That's great.
[00:14:42] Will Brooks: No, I would take it a different direction. So it's not that they're uneducated they know. They're building their knowledge base of what good security is off of their own loss history. So rather than go to a framework that says, Hey, we've studied this we've we've created this mindset that you can be secure to this level.
If you do these things, you'll be at this level. If you do these things, this level, you do these things, right? How easy would it be if a carrier said, Hey, prove your IG one compliant and. Check this box, your IG one compliant. We'll offer you pricing. Like that could, that'd be so nice. Unfortunately the majority of carriers we're still in the wild West when it comes to cyber insurance.
Everyone's doing their own thing. There's no real relegation or regulation. Regulation. Relegation is a sports term regulation across all these different carriers. Where you can just assume, okay, this is the framework of insurance. That's just not really a thing. People will say it's a thing, but again, going back to what we said before based on industry, based on revenue, based on loss history, like there, that all changes and they look at a risk and they say, okay, we have our individual understanding of how this risk has historically done.
At their revenue, at their industry class. So we're gonna provide pricing and security expectations around our own loss history rather than something like IG one or CIS or CMMC or whatever, right? Like it's just. That's part of the challenge is when you're talking to a cybersecurity professional, they want that framework and unfortunately, that framework doesn't exist, which is why, like I brought up before, you have these MGAs who get underwriting authority, right?
And they say I can do this better. So an MGA could pop up that says, as long as the risk is IG one compliant, and they're within these 20 different industries. We're gonna provide good pricing to them, right? That would be a good idea. But again, you're isolating yourself to a small part of the market.
So that leads, you brought up consulting, right? So we consult pretty much on every single policy we sell. We don't charge for the consulting, but that, because at the end of the day, selling insurance is how we make our money. So the concept of consulting is to say, look, we recognize that your risk is unique, but we don't consult.
We're not gonna come in there. Unless it's a really significant risk that has to have a good conversation about it the majority of time that consultation's not that hard. It's literally just saying, look, based on your industry, based on your revenue, we can get you pricing. But we need to see these security controls in place.
This is the pricing you're gonna see. If you don't have all that security in place, this is where you could be. So kinda like price benchmarking. And then the other piece of that, and really where we've dug in is what's called risk quantification. And it's this concept of saying, look, if you were to see an incident today based on your security posture, this is how much it would cost you over five days, 10 days, 15 days, 30 days, like this kind of mindset on average, right?
You can't say this is what it will cost you, but on average, someone in your industry, in your revenue tier. Would see about this much in loss. So this is why it's so important to get things like security in place like MDR or something that's gonna help shut out, that attack quickly. So you don't, you stop the bleeding, right?
And then hopefully you can reduce that risk financially enough that you could transfer the risk to insurance. And if we can reduce that risk enough, you don't have to buy. As you won't have to buy as high of limits on your policy so you could then buy a more affordable policy, right? So a lot of MSPs we talked to are like what security controls are gonna reduce the premium for my client?
We're like let's change that conversation. Show them how the security controls can reduce their potential loss to a point where we can go buy them a more affordable, or help to have them buy a more affordable policy. That's the mindset. So it's change in thinking. And that's the whole approach that we've taken.
[00:18:27] Mikey Pruitt: So I'm gonna harp on that. One of those things you said there, it sounds like the cyber insurance, like the big guys, at least. Their risk model is perhaps immature because they haven't seen enough breaches to, to precisely quantify the risk profile of these MSPs. Does that sound about right? That's why they're Yeah.
Yeah. That's a good, like they just don't have enough data to predict the loss.
[00:18:54] Will Brooks: It's hard, right? Because in 2020 when the whole world went remote and they weren't requiring any security whatsoever. They have a lot of loss history, but the problem with their loss history, and I think the pro, this is my own kind of understanding.
I don't know if this is textbook, but like for me, when I look at, when I look at cyber, the world of cyber, it grows exponentially. Look at it. What is a year or two ago when ai generative AI first came on the scene? And look at where it is now. It's being used everywhere. It's in everything, right?
So within a year, two years, it like exponentially shot up. That's just how all technology works. It's on that exponential curve. The problem is I feel like insurance is still very linear in its approach. So if I am looking at a loss history from a year ago to understand how I need to qualify risks today, then I'm missing the fact that everything has already changed.
So that's that. I don't think any one carrier is going to be able to solve that completely if they keep sticking with this idea of I'm only going to base my risks on my own historic losses. There has to be this understanding and this merging of the world where we have people building cybersecurity products who say, this works.
It is tested, this is why it works. And carriers looking at that and saying, yes, we wanna do that. You're seeing that today. Where a lot of insurer insurance carriers are offering their own MDR products 'cause they're realizing the importance of it. But again, I push back on that 'cause I don't think that's the best approach either.
'cause they're like, oh and they're not looking to push the MSP out. I do want to give that that caveat there, a lot of insurance carriers are terrified of MSPs 'cause they don't control them. But at the same time, like they're not trying to replace the MSP, I think it's a lot less less I think it's a lot more innocent than that.
I think they're looking at it and they're saying our risk tables have showed us that if people have MDR they have far less expensive incidents, so we should just provide them with MDR, oh, buy our MDR and we'll give you a discount on your premium. Great. For us, that's us covering our butts as an or, not us, me, but like the insurance carrier speaking for them.
That's them covering their butts. And that's where I think on the MSP, it's so important that they do understand the way that insurance can play off of cybersecurity. Because if they can provide the MDR product for the client, then they don't have to, if they can make themselves that cybersecurity advisor, that trusted person, when all things cybersecurity comes up, then when a carrier does say.
Our MDR product, you'll save money. They're not gonna be like, oh, let me think about that. They're gonna turn to their MSP and say, what's this all about? And you say, oh, you already have that and this is what it does for you. Yeah I put it on there.
[00:21:40] Mikey Pruitt: I would hope that the insurers are not.
Custom building and MDR, like they're pro. Hopefully they're reselling something that already exists, but
[00:21:50] Will Brooks: Yeah.
[00:21:50] Mikey Pruitt: Like you said, you're like, we are in the business of selling insurance, basically, which is what they are. They're not experts in MDR technology.
[00:21:58] Will Brooks: No, and it's I actually personally get very.
I don't like the idea of buy this thing, get discounted, this thing. I don't like that as a sales tactic for any company in any industry. And the reason being is at least when it comes to some sort of subscription based model, right? Like I, I'm not saying insurance is subscription, but it is.
You pay, you renew it annually, so you could treat it that way. But I always struggle then when it's like if you purchase our subscription, you also get. A discount on these things. If you decide that subscription you purchased stunk, next year, not only do you lose that subscription, you also lose all those perks.
You got through it and now you have to find everything again. So it's, I almost feel like it's a manipulative sales tactic to retain. It's saying oh if they buy their MDR through us, then they're gonna be our insured. So then they're gonna keep using us as their insurance provider because their MDR is tied up with us.
I don't love that approach. And that's where an MSP really can't establish themselves. And look, when you're with me, Mr. And Mrs. Client, you have full autonomy. You're not picking your security solutions based on what your insurance carrier is gonna incentivize you to keep. So one day, if your insurance carrier decides.
I don't really like this risk anymore. And they non-renew you guess what your MDR is safe. Like that's my thinking. I struggle with that even on the flip side where you have cybersecurity companies who say, Hey, if you utilize our product, then we have a special program with insurance, with an insurance company that you save money for them.
Because now in, in the same way you're tied up. With that particular company, even if they jack your rates, if they do all sorts of things because your insurance is tied up in that discount, right? And that doesn't always work out in your favor from a real financial standpoint. And that's the difference is as a wholesaler, we just offer the best option every year, like we're gonna remarket it because at the end of the day, carrier pricing fluctuates all the time.
Non-renewals happen things happen in the industry. So if you can keep the pricing. As level as you can by switching carriers on, looking at different carrier options on an annual basis, but also recognizing that the security's not tied up in them. It gives you that freedom to be flexible, and I think that's really important in the cyber world.
[00:24:14] Mikey Pruitt: Yeah, I agree. The there's like a separation of concerns that I think MSPs really enjoy 'cause they can, the pieces are interchangeable. I do this with websites, like I never have hosting domain and everything, bundled together. Everything is separate. It's more work, but it's more flexibility in the long run.
[00:24:32] Will Brooks: Sure. Yeah. Absolutely.
[00:24:34] Mikey Pruitt: I'm curious what are some of the. Easy wins. So let's say I'm an M Ms P and I want to get a better rate on my cyber insurance. What are some of the easy wins that I can implement? Look favorable.
[00:24:46] Will Brooks: You're in. Yeah, that's a good question. If you're an MSP, the first thing to bring up is that you really should be carrying what's called tech errors and omissions coverage.
And it's combination. I, it's, comprehensive tech e and o, which also includes cyber liability coverage, right? That you could go and buy tech errors and omissions and go buy cyber liability insurance separately, but you're gonna be paying more. You can buy tech e and o that has cyber liability built into it.
And that's the kind of policy you wanna buy as an MSP. And that one is a little more complicated because you are not just. You're not like a, I don't know, a bakery on Main Street that has a point of sale system and maybe some payroll stuff tied up in your, on your network. And then order, history and stuff like that, right?
That's, that in and of itself is data, but MSPs don't just have their own data. They have data for. All their clients, right? That's the fear point for most insurance carriers out there is they look at an MSP and they're like, you are the focal point for data leaks across all 25 of your clients, all 50 of your clients, however many clients you have.
That scares them, right? So that's why I brought up before, if you're gonna use an RMM, make sure it's locked down with MFA. If you're gonna have, if your clients are insistent on a remote desktop, make sure it's locked down on MFA, right? There's. There's this kind of thing where MFA is the shining shiny object for insurance carriers right now.
I know MDR is probably the trendy object, but MFA is still the standard. It's there was a report back a couple years ago where Microsoft said that within their ecosystem, if 99% of cyber attacks would've been avoided if people just had MFA enabled. Now, I don't know how you can say that.
Ultimately I don't know how you can say what. 99% of you can't prove a counterfactual on mfa. But at the end of the day at the same time it is true that, two FA multi-factor authentication, whatever is huge, right? It's gonna, it's just adds an additional layer of security.
And then MDR is a big one for your own personal network. So the reason I brought, I bring this up is. There's the techie and O piece, which is saying you as an MSP, you are providing security for this client base. So therefore their risk becomes your risk, right? So there's that liability component.
That is just because you're doing business with them. Then there's the cyber liability component that says, Hey you as an MSB, you could also face a cyber incident yourself. So for, in terms of security there, it's the same stuff that most companies need, right? Like the easy stuff is MFA backups.
Again, E-D-R-M-D-R having a patching cadence. This is where carriers get weird. A lot of them stay within 30 days for critical vulnerabilities, but I'm like, eh, it's gotta be faster than that. Come on. Especially if you're an MSP. You can do it faster. So there's that. There's there's some other stuff too that isn't, for MSPs it probably would, they would wanna see it more.
And for clients of MSPs, like things like a PAM solution, are you managing privilege? Are, is that the kind of thing that just everyone can download Spotify or do they need to ask about it first? Which version of Spotify? Are they downloaded the actual one, or are they downloaded something they found off of?
I don't know. Spot
[00:28:02] Mikey Pruitt: spot-fi.com. Yeah, there you go.
[00:28:05] Will Brooks: But it's really that the security the bigger challenge MSPs are gonna have is not the security. Because honestly, I would say if you're a good Ms P and you are practicing what you preach to your clients, you're probably not gonna have a hard time finding coverage.
From a eligibility standpoint, where the bigger challenge is for MSPs is that there is just a much smaller, so I mentioned our company, right? We're a wholesaler. We have access to over 50 carriers and. Last I checked, maybe 10 of those are willing to take on MSP risks. So it's just the reality that you brought up before, like a lot of carriers don't quite understand the risk, and I don't think a lot of them want to when it comes to MSPs.
And there are other ones who recognize, shoot, most carriers aren't doing anything with this, so we can do it and we're gonna win a ton of business because of it. So it really just comes down to that Now. Fortunately, there are 10 carriers in our pool that write MSPs, so it's not just one who can charge whatever the heck they want, right?
They still have to compete with each other, and that's an important component. But if I would say for MSPs, if you're going to your clients and you're saying, Hey, here's your security stack. You need to have all these things, and you're not practicing what you preach on your own system, you're gonna struggle to get insurance.
Also, it's what are you doing?
[00:29:24] Mikey Pruitt: So real quick, if I have, I'm MSP and I have a customer, let's say a school and they have a, like a, CMS student portal thing, and that vendor gets hacked, does that fall under the tech e and o portion of the policy, or is that something else?
[00:29:40] Will Brooks: N no. So that's where things get a little weird, right?
So they're using a CMS, they're using a, a. Student management platform learning management system, whatever we want to call it, right? Like they're using that platform for their day-to-day operations. You're not managing that platform. You can encourage them as an MSP to say, Hey, you should make sure MFA is on there because if your system, Mr.
Mr. Mrs. School person. If you, if your system gets hacked and you don't have MFA on there, now that cyber criminal who got in there can get into all that information from your system. Now that school is in trouble, right? But that's should, that would fall on their cyber liability, not yours. And the other side of that is if the vendor gets hacked.
That could lead to other issues, but that would probably fall on the vendor's cyber reliability, not yours. Unless the vendor was also. Your client and the reason they got hacked was your fault, then it could be a ticket. That's where it could get, it gets dicey.
[00:30:41] Mikey Pruitt: So that was a bit of a leading question.
How often do MSPs have their cyber insurance dialed in and their clients have it dialed in? Is that pretty frequent common?
[00:30:53] Will Brooks: Man I talk to a lot of MSPs who. Know they need techie enough. So most MSPs, there's been a lot of really good education out there in the Ms p space, not just from us, from all sorts of people in the insurance space.
I think highlighting the importance of tech errors and omissions for MSPs. 'cause we have a lot of them coming to us asking for, and that, for that I'm very thankful they know what they're looking for. The other piece of it and where there's been a lot of really good education too around making sure, or requiring, mandating that your clients carry cyber insurance.
So a lot of MSPs come looking for tech E and O, and a lot of them require that their client carry cyber insurance, but the majority I talk to require it, but don't actually check to see if that's the case. And that's the biggest fall off is it's like you guys have a contract in place that literally says your client must carry cyber liability insurance, but then you do not provide them with any sort of pathway to help them get it.
Nor do you actually check to see if the cyber insurance they have is any good. There's no sort of audit system in place and that, now granted on one hand, on the one hand, MSPs don't wanna get their hands into the insurance game 'cause that's sticky. But on the other hand, if you're putting that in there, like why would you not verify?
It's literally the most important coverage an MSP client could carry in the eyes of the MSP because if they don't have the proper coverage. Here's a good scenario. So Mikey, you say to me, Hey, will so you take on my business, Will's, dodgeball emporium as your new client, right?
I have my entire legacy built into my dodgeball company and I'm really excited about it. And you say, Hey, will, last thing, in order to be my client, you have to carry cyber insurance, right? So I'm like, oh, okay, cool. So I go to my agent. And I say, Hey, I'm working with this guy, Mikey. Now he's my new MSP says, I need to carry cyber insurance.
Can you help me out? And the agent turns to me and says, oh yeah, I can add that onto your business policy. It's gonna cost you like an extra 50 bucks, no problem. So now I have cyber insurance, right? But and I told you I have it, but we haven't done anything to actually check to see if the amount I'm covering is the amount I should be covering.
And so what happens is I end up having a cyber incident and I bought this crappy add-on policy that does nothing and it doesn't cover me. So then I turned to you. I was like, Mikey, you told me I had to go buy cyber insurance. It did nothing. And now I'm hacked and I'm in a terrible spot. This is your fault.
I'm suing you.
[00:33:17] Mikey Pruitt: And Mikey, the MSP is sorry, our hands are tied here. We told you, da. And it becomes it's a very precarious situation because. Will's dodge ball is gonna try to come after me.
[00:33:27] Will Brooks: Yes. And
[00:33:27] Mikey Pruitt: I'm gonna say no, but that doesn't mean I can't get sued.
[00:33:30] Will Brooks: You're gonna get sued regardless. And that's where techie and o steps in is. They're like, Hey, look, you may have a great contract in place and at the end of the day, that lawsuit's gonna fail, but you're still gonna get tied up in litigation that's still gonna cost money and they're still gonna be business time spent on that.
It's like that kind of stuff, right? And that's why you want to have a policy that's gonna help you navigate that stuff. But for your client. For will's dodge ball. The opposite of that. The other end of that is to find yourself a good cyber insurance partner. And that's kinda what I was saying with Yukons.
We want to help identify local partners for you and train them up to be that partner so that when you tell your client they need to carry cyber, it's not just, oh, go get it. It's, Hey, we're actually, we're telling you to go get this. Here's the date you need to have it by as a client Hey, we're gonna give you a 30 day or 60 day grace period when we onboard you.
You need to get cyber insurance and. We are going to sit down and review it with a, an agent partner of ours who can actually talk about that. 'cause I can't, and are some
[00:34:26] Mikey Pruitt: recommendations.
[00:34:27] Will Brooks: Yeah. Because it's important. Yeah. And that agent can, and if you have questions, if you wanna know what you should be carrying, we can, bring them in to talk through that too.
And if you want your agent to make sure they're recommended the right stuff, bring them whatever it's just, it's really important to, to, that is a piece that is not a part of the MSP's world. They I don't wanna touch that line. I don't want that liability on me as an MSP, I also don't want to become a licensed insurance agent.
At the same time, it is crucial that their clients are carrying the proper coverage because if they're not, it's gonna come back and bite the MSP no matter how hold harmless their MSA is.
[00:35:00] Mikey Pruitt: It's because the liability is already on you.
[00:35:03] Will Brooks: Exactly. So it's it's the kind of thing where. That's what I mean.
I was talking about my hope for the cyber insurance industry. It's also my hope for MSPs that it's don't just be satisfied with requiring something. Do the due diligence. Be that cyber advisor say, Hey, I'm gonna sit down with you and we're gonna make sure that you are carrying the right coverage.
I'm gonna bring in someone who can advise you on that 'cause you're not licensed. Like it's that kind of mindset.
[00:35:27] Mikey Pruitt: So that was one thing that MSPs can get wrong about cyber insurance, like the requirement of their clients, and not just the requirement, but the due diligence portion of that to making sure it's adequate.
What are some other missteps MSPs taking in the cyber insurance world?
[00:35:45] Will Brooks: That's the biggest one. The other one, this is gonna sound funny, right? I've talked to a lot of MSPs who say, oh, I don't want to even talk about cyber insurance. 'cause again. That's not, there's the whole liability, fear thing.
I ran into that a lot. I did some road shows with Huntress last summer and the number of times that I got up there to talk about cyber insurance. And one of the questions I got was. Can I really be talking about this? Like I don't wanna get sued for my client because I talked about the word insurance and it's like bringing up the word insurance is not something that you're gonna get sued
[00:36:16] Mikey Pruitt: for.
It's like now that they've heard the word, they're now they're liable.
[00:36:19] Will Brooks: Exactly. Every single contract out there, if you're a builder and you wanna win a contract, if you're a. If you're a manufacturer and you wanna win a contract, like every single one of those contracts requires insurance. And they even put limits in there.
They say you have to carry insurance up to this limit. And a lot of times you have to negotiate that limit down 'cause it's exorbitantly high. And it's if I went and bought that much insurance, I would spend more on the insurance than this contract would pay me. That's stupid stuff. But there's no, most companies do not mind bringing up insurance in contracts. But then you have MSPs who are like, I don't even wanna talk about it with my clients. And it's no, you really should. You should have an entire QBR dedicated to that insurance renewal season. And that doesn't mean you're sitting there and saying you guys should carry 3 million in limits 'cause your revenue, like you're not recommending anything, but you're saying, Hey look, it is 90 days before your insurance policy renews.
And last year we were filling out an application the day before your policy renewed and everything was chaos. So we're gonna meet now and we're gonna talk through your cyber security posture. And I need you to go to your agent and get an application now so that we can make sure that you're answering those questions properly and use it as the touchpoint with the client.
And I think that's where you talk about where a lot of MSPs struggle is. It's not so much with the. The insurance itself, it's just with the sales component and the personalities component and like you have this ability to stand apart from every other MSP out there by just saying, Hey look, we have a dedicated meeting once a year where we're gonna make sure your insurance renewal process is a lot smoother than it has been in the past.
We're gonna talk you through the security and all that kind of stuff so that when your agent comes a knock in with that app, you already know what you need to do. Let's work through that. You be, you become an advisor, you become. And you're establishing a relationship with your client that's not just, I'm trying to sell you tech every time I talk to
[00:38:05] Mikey Pruitt: you.
Yeah. It makes you so much more valuable. Yeah. In their
[00:38:08] Will Brooks: eyes.
[00:38:09] Mikey Pruitt: So actually that was gonna be one of my questions too. So you talk to a lot of MSPs and I'm curious what keeps them up at night. Obviously I think cyber insurance does keep them up at night, but they think willful ignorance will save them.
But let's take insurance off the table. What are some things that MSPs say regularly that, that is making them nervous?
[00:38:31] Will Brooks: Yeah. It's hard for me not to think of insurance. But one thing that does keep them up at night, it's not really insurance, it's related to insurance, is what I brought up before, of insurance carriers selling their own security services, because that creates a sense of competition.
And if you're an MSP who's particularly bad at sales that can bring a lot of fear, right? It's if you're not as, like we just talked about if you're. If you're not establishing a regular cadence with your client, just to check in with them and talk with them and show them, like create pathways forward that aren't just, Hey, I'm here to upsell you.
Then when someone else comes along with a cheap alternative, they're just gonna jump on it. And now you do have something to fear because they, you haven't established yourself. So I, and I often think a lot of anxieties that keep us up at night, a lot of fears that keep us up at night are self-inflicted.
It's, and that's not always the case, obviously, just, you could also have the, Hey, I'm using an RMM. What happens if my RMM gets breached? That's something scary. It's gonna keep you up at night because that can really mess up your whole business. That's happened before. So I that, and that's the reality.
But the majority of things that, the majority of anxieties I see when I talk to MSPs tend to be more around that like competition side of. People outside the realm of MSP trying to play the MSP and not wanting to lose clients because of it. And I think that's a fixable thing. That's something that we shouldn't have fear around.
We should look at it and say I'm gonna fix this. I'm gonna make sure that this doesn't happen, and I'm gonna create that relationship with my client. That makes me inseparable.
[00:40:09] Mikey Pruitt: Those, yeah. Those things that keep you up at night should be motivators.
[00:40:14] Will Brooks: Yeah. Most of the time the there are things you can't control.
[00:40:18] Mikey Pruitt: Yeah, for sure. And I could see the appeal of being an NGA, like you mentioned earlier, does that stand for like becoming an agent yourself? Basically?
[00:40:27] Will Brooks: It's like managing general authority. It's just, it's a fancy phrase for saying that you have the ability to take on some risk yourself and write.
Write policies based on your own kind of underwriting metrics.
[00:40:40] Mikey Pruitt: Yeah, so that is, a potential avenue. Another avenue would be someone like Yukon to nav, helping navigate those waters. The MSP, turning anxiety into potential revenue is a really great idea.
[00:40:57] Will Brooks: Yeah. So
[00:40:57] Mikey Pruitt: just think of those things that are, that scare you and write 'em down.
Maybe make a plan for Q4 2026. Let's talk about another anxiety point or go.
[00:41:08] Will Brooks: I, no, I think that's, honestly, as an action item, that's a fantastic exercise to say, okay, what are the things that keep you up at night? Write 'em all down, look at them and say, okay, which ones are literally out of my control?
But then which ones can I actually control? And. If I control them, are they gonna make me a better MSP and more more desirable by a client, a potential client or a prospect or something like that, right? Like you can turn the anxiety into a weapon. Not anxiety itself, but the. The result from it.
I don't know where I'm going with this, but Yeah. I love it. That was a,
[00:41:40] Mikey Pruitt: that was definitely like a clip, anxiety as a weapon episode title. But another piece of anxiety that I see is, and you've mentioned it a few times, like that sales. Motion like MSPs, tech people. Not really great at putting ourselves out there and getting on the phone and making sales and talking to people in a way that is easily understood by the other party.
But you and we, you have a podcast, you do a lot of outreach for UConn and previously for Fifth Wall. So like, how do you, how important do you think it is for the MSP, let's just call 'em personalities to be accessible and public?
[00:42:22] Will Brooks: I think it's important. Most MSPs, not all.
There are some that are, multi-state. They're all, they're really huge, but the majority of MSPs we talk to are themselves small business owners, and there is something to being a small business owner that is present and engaged in your local community. I'm not necessarily saying you need to go join the, the Kiwanis Club or be part of the Chamber of Commerce, like as one of their.
Board members it's not necessarily on that level, but we often, small business owners often rely on referrals to, to win business, right? And when it comes to insurance, I think this is probably one of the best business opportunities, is if you can get yourself engaged in a local networking group.
When I was, before I came to this company, I was working as a financial advisor and I hated it. I would never go back to that. But at the same weirdest job ever, you had literally walk into a business and you have to effectively find a graceful way to say, how much money do you have that you wanna invest with me?
Like this weird. Career. But for me some people are amazing at it and I have a great financial advisor, so there's that. But the reality is either way, when I was in that role, like I joined a local networking community of different people in different industries to say, look, we can pass referrals back and forth.
If this comes up that someone's looking, who do I send them to? And if you can partner yourself up with a local agent and be a cyber, an insurance agent who knows cyber really well. I think that's the key. A lot of MSPs enter into these networking groups, partner with the one agent that's a part of it, and that agent's terrible at cyber insurance.
And then you have a one-way referral system that stinks. But if you can get that cyber insurance agent. Up to speed or that insurance agent up to speed with what good cyber insurance sales and advising and cons consulting is all about. Then you have a frigging awesome network between the two of you where you can really expand how your clients understand and live in this world of cyber.
So there's that, but then there's also just the reality of local engagement in the community, and I think that can be hard for a lot of MSPs because. Granted, we're the nerdy people who were playing with our computers when we were kids and learning how to break stuff and put it back together, right?
The internet would go down and our parents would say, what'd you do Will, right? Like that was our mindset back then. So it's to get out and engage in our community can sometimes feel a little daunting, but do it. If your local chamber of commerce has a street fair.
Be part of the street fair if be engaged, do things, get people make your, put your face out there. I think that's super important.
[00:44:58] Mikey Pruitt: So you have I think you have your feed in multiple communities, the MSP community, but also you have to pay attention to the insurance community big time. So do you ever do talks and education for that side, the insurance people?
[00:45:12] Will Brooks: Yeah. That's a huge part of our. Company here is to engage cyber insurance agents, and I brought it up earlier, but make them help them get to the point where like they feel confident in selling cyber insurance and give them a pathway through UConn to easily get their clients policies put in place and provide their clients with all the knowledge and understanding they would need to be sure that the policy they're getting is right.
Ultimately that's where we're gonna see the most success is if clients. Agents and MSPs are working together locally utilizing the Yukon ecosystem to sell security, to sell insurance, like all those things, to understand what insurance is requiring so the security stack can align with those requirements.
And then an agent, the agent partner can come in and say, Hey, we can go through this Yukon application process is gonna be really easy for you. 'cause your revenue's here and your industry's here. We can get you quotes pumped out today. We can even get you coverage tomorrow. How seamless that can be because everybody involved in cyber insurance, agents included, tend to hate it because it's so complicated, right?
So our goal is not just to go to MSPs and say, let's educate you on a bunch of stuff to say, Hey, let's educate you on this stuff. But then also here's an agent who you can utilize whenever your client has that insurance need so that you can be confident that your client is getting the right coverage for them.
Again, aligning with those MSA requirements and whatnot.
[00:46:36] Mikey Pruitt: I'm picturing my like news feeler, so I'm like looking at certain Reddit communities and our company chat here at DNSFilter and like just different blogs I read, but you're like, what are you seeing on the insurance side? What are agents asking and what are insurance companies asking you and what do you see like coming down that we should all be aware of on the security side?
[00:47:01] Will Brooks: Question. I'll start with agents. Agents just don't, agents just need clarity. That's really what it is if you think of it this way, right? Like agents, a lot of agents have been in the insurance field for 25 years, right? And for only about seven of those years, maybe less, cyber insurance has really become a viable product for them to sell.
It's I don't wanna I've been in this for 25, 20 years. I don't wanna learn another product that is constantly changing on me. Like, why? So that's why so many of them opt just to add it on to those as endorsements, but then it ends up being terrible coverage, right? So they're actually putting themselves at risk.
So for agents, a lot of the questions, there's just help me understand how to explain this to my clients. Help me know how to know if the option I'm providing them is the right type of option. Help me know what these coverages mean. Like really just walk me through this, like what does it mean to have comprehensive cyber, like how do I translate that to a client?
Like it's that kind of stuff. So we when we go to agents, when we provide them a quote to give to their client, we don't just give them a quote. We're giving them a quote. We're giving them education. We're giving them that risk quantification, we're giving them that gap analysis, all sorts of stuff.
Not gap analysis that's going to the MSP. We're giving them the risk quantification and the price benchmarking. It's hey, you're here because you're not very secure. Go to your MSP, deliver this thing, get this secure. You're gonna see a lower rate. It's that kind of mindset.
We want to help them sell that cyber in a way that doesn't make, doesn't mean they have to become an expert, although we would love for them to be, but let's provide 'cause insurance. I think that's a, you talk about what keeps MSPs up at night. A lot of agents, I think. Are up at night because they're expected to be the expert.
They're the ones selling insurance, right? So it's I'm not gonna sell cyber if I don't feel confident selling cyber. So we wanna help boost their confidence. When it comes to carriers, the thing that carriers need right now is data. Not data, like all this information about your cookies and megapixels and all that kind of stuff.
They just need to know okay, what sort of. A good example is, I brought up Tres before, but there have been times where we've had to go to BAT for Tres because carriers say, oh, this, what's this tres thing? What's a tres? They're not on our MDR list. And I was like let's tell you about tres and why would that
[00:49:13] Mikey Pruitt: they should be,
[00:49:14] Will Brooks: they should be, it's like that kind of mindset. But carriers without enough data if they don't have enough clients who have huntress, for example, or Black Point, for example. They're not gonna all of a sudden just add those to their approved list. So if we can get more and more of our clients to get policies with carriers who are, who have Tres, who have Black Point, like those kind of things, that's gonna boost the carrier's knowledge of who those vendors are.
And then they're gonna see over time, oh everyone who had those never, they never saw an attack that lasted more than X amount of minutes or whatever or cost X amount of dollars. They're awesome. We wanna add them to our list, right? So like for us, it's not so much what are carriers asking us, it's what we wanna give carriers.
If we can show carrier. And that's what we really try to utilize our vendor partnerships for is if we partner with a vendor, we're like, look, we can't we're probably not gonna be able to pass you leads just because of the way that our company operates in the insurance world. But what we can do is.
Any clients that come to us that have your tool, we are now building this data pool of how few of them have ever seen an incident to our carriers. It's that kind of thing. That's really where the benefit to the carrier. That's our hope is by, because we access so many carriers, can we give them the data they need to see if a vendor is worth the risk to them.
[00:50:38] Mikey Pruitt: That's a really great service actually. I'm glad you guys are working on that.
[00:50:43] Will Brooks: Yeah, but it's a long road. Don't get me wrong. Like I said, brought up before carriers have, carriers are looking at data from two years ago, so it's like, all right, we're getting there. Let's just, it's gonna take some time.
[00:50:55] Mikey Pruitt: We do have some time, so Godspeed will and team. So I appreciate you joining me today, carrying me. I'm still a little bit rough under the weather here, but I really do believe, will, that you and your team are like a bridge between these two worlds, and I'm really happy to see you guys in that position.
I think you're gonna be good stewards at the cyber slash security relationship.
[00:51:21] Will Brooks: Yeah.
[00:51:22] Mikey Pruitt: The cyber insurance relationship.
[00:51:24] Will Brooks: Yeah. Mikey, it's been really fun. And it's just it really is. An amazing opportunity to blend worlds that on paper should be best friends, but in reality are currently at odds with each other.
So it's fun creating that pathway and that's what we're all about.
[00:51:41] Mikey Pruitt: Absolutely. Thank you for joining me, will.
[00:51:43] Will Brooks: Yeah, of course.